nixpkgs/nixos/modules/services/networking/namecoind.nix


{ config, lib, pkgs, ... }:

with lib;

let
  cfg     = config.services.namecoind;
  dataDir = "/var/lib/namecoind";
  useSSL  = (cfg.rpc.certificate != null) && (cfg.rpc.key != null);
  useRPC  = (cfg.rpc.user != null) && (cfg.rpc.password != null);

  listToConf = option: list:
    concatMapStrings (value :"${option}=${value}\n") list;

  configFile = pkgs.writeText "namecoin.conf" (''
    server=1
    daemon=0
    txindex=1
    txprevcache=1
    walletpath=${cfg.wallet}
    gen=${if cfg.generate then "1" else "0"}
    ${listToConf "addnode" cfg.extraNodes}
    ${listToConf "connect" cfg.trustedNodes}
  '' + optionalString useRPC ''
    rpcbind=${cfg.rpc.address}
    rpcport=${toString cfg.rpc.port}
    rpcuser=${cfg.rpc.user}
    rpcpassword=${cfg.rpc.password}
    ${listToConf "rpcallowip" cfg.rpc.allowFrom}
  '' + optionalString useSSL ''
    rpcssl=1
    rpcsslcertificatechainfile=${cfg.rpc.certificate}
    rpcsslprivatekeyfile=${cfg.rpc.key}
    rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
  '');

in

{

  ###### interface

  options = {

    services.namecoind = {

      enable = mkEnableOption "namecoind, Namecoin client";

      wallet = mkOption {
        type = types.path;
        default = "${dataDir}/wallet.dat";
        description = ''
          Wallet file. The ownership of the file has to be
          namecoin:namecoin, and the permissions must be 0640.
        '';
      };

      generate = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to generate (mine) Namecoins.
        '';
      };

      extraNodes = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = ''
          List of additional peer IP addresses to connect to.
        '';
      };

      trustedNodes = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = ''
          List of the only peer IP addresses to connect to. If specified
          no other connection will be made.
        '';
      };

      rpc.user = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          User name for RPC connections.
        '';
      };

      rpc.password = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          Password for RPC connections.
        '';
      };

      rpc.address = mkOption {
        type = types.str;
        default = "0.0.0.0";
        description = ''
          IP address the RPC server will bind to.
        '';
      };

      rpc.port = mkOption {
        type = types.port;
        default = 8332;
        description = ''
          Port the RPC server will bind to.
        '';
      };

      rpc.certificate = mkOption {
        type = types.nullOr types.path;
        default = null;
        example = "/var/lib/namecoind/server.cert";
        description = ''
          Certificate file for securing RPC connections.
        '';
      };

      rpc.key = mkOption {
        type = types.nullOr types.path;
        default = null;
        example = "/var/lib/namecoind/server.pem";
        description = ''
          Key file for securing RPC connections.
        '';
      };


      rpc.allowFrom = mkOption {
        type = types.listOf types.str;
        default = [ "127.0.0.1" ];
        description = ''
          List of IP address ranges allowed to use the RPC API.
          Wiledcards (*) can be user to specify a range.
        '';
      };

    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    users.users.namecoin = {
      uid  = config.ids.uids.namecoin;
      description = "Namecoin daemon user";
      home = dataDir;
      createHome = true;
    };

    users.groups.namecoin = {
      gid  = config.ids.gids.namecoin;
    };

    systemd.services.namecoind = {
      description = "Namecoind daemon";
      after    = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      startLimitIntervalSec = 120;
      startLimitBurst = 5;
      serviceConfig = {
        User  = "namecoin";
        Group = "namecoin";
        ExecStart  = "${pkgs.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole";
        ExecStop   = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        Nice = "10";
        PrivateTmp = true;
        TimeoutStopSec     = "60s";
        TimeoutStartSec    = "2s";
        Restart            = "always";
      };

      preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat")  ''
        # check wallet file permissions
        if [ "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \
           -o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \
           -o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then
           echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2
           exit 1
        fi
      '';

    };

  };

  meta.maintainers = with lib.maintainers; [ rnhmjoj ];

}
cleanup redundant text in modules utilizing mkEnableOption Closes #59911 2019-04-20 01:41:48 +00:00
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`cfg = config.services.namecoind;`
			`dataDir = "/var/lib/namecoind";`
			`useSSL = (cfg.rpc.certificate != null) && (cfg.rpc.key != null);`
			`useRPC = (cfg.rpc.user != null) && (cfg.rpc.password != null);`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`listToConf = option: list:`
			`concatMapStrings (value :"${option}=${value}\n") list;`

			`configFile = pkgs.writeText "namecoin.conf" (''`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`server=1`
			`daemon=0`
			`txindex=1`
			`txprevcache=1`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`walletpath=${cfg.wallet}`
			`gen=${if cfg.generate then "1" else "0"}`
			`${listToConf "addnode" cfg.extraNodes}`
			`${listToConf "connect" cfg.trustedNodes}`
			`'' + optionalString useRPC ''`
			`rpcbind=${cfg.rpc.address}`
			`rpcport=${toString cfg.rpc.port}`
			`rpcuser=${cfg.rpc.user}`
			`rpcpassword=${cfg.rpc.password}`
			`${listToConf "rpcallowip" cfg.rpc.allowFrom}`
			`'' + optionalString useSSL ''`
			`rpcssl=1`
			`rpcsslcertificatechainfile=${cfg.rpc.certificate}`
			`rpcsslprivatekeyfile=${cfg.rpc.key}`
			`rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH`
			`'');`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00
			`in`

			`{`

			`###### interface`

			`options = {`

			`services.namecoind = {`

nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`enable = mkEnableOption "namecoind, Namecoin client";`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00
			`wallet = mkOption {`
			`type = types.path;`
			`default = "${dataDir}/wallet.dat";`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`Wallet file. The ownership of the file has to be`
			`namecoin:namecoin, and the permissions must be 0640.`
			`'';`
			`};`

			`generate = mkOption {`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`type = types.bool;`
			`default = false;`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`Whether to generate (mine) Namecoins.`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`'';`
			`};`

namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`extraNodes = mkOption {`
			`type = types.listOf types.str;`
			`default = [ ];`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`List of additional peer IP addresses to connect to.`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`'';`
			`};`

namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`trustedNodes = mkOption {`
			`type = types.listOf types.str;`
			`default = [ ];`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`List of the only peer IP addresses to connect to. If specified`
			`no other connection will be made.`
			`'';`
			`};`

			`rpc.user = mkOption {`
			`type = types.nullOr types.str;`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`default = null;`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`User name for RPC connections.`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`'';`
			`};`

namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`rpc.password = mkOption {`
treewide: fix modules options types where the default is null They can be caught with `nixos-option -r` on an empty ({...}:{}) NixOS configuration. 2020-04-28 17:13:21 +00:00			`type = types.nullOr types.str;`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`default = null;`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`Password for RPC connections.`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`'';`
			`};`

namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`rpc.address = mkOption {`
			`type = types.str;`
			`default = "0.0.0.0";`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`IP address the RPC server will bind to.`
			`'';`
			`};`

			`rpc.port = mkOption {`
nixos/namecoind: use `port` type 2021-06-18 15:27:42 +00:00			`type = types.port;`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`default = 8332;`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`Port the RPC server will bind to.`
			`'';`
			`};`

			`rpc.certificate = mkOption {`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`type = types.nullOr types.path;`
			`default = null;`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`example = "/var/lib/namecoind/server.cert";`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`Certificate file for securing RPC connections.`
			`'';`
			`};`

namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`rpc.key = mkOption {`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`type = types.nullOr types.path;`
			`default = null;`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`example = "/var/lib/namecoind/server.pem";`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`Key file for securing RPC connections.`
			`'';`
			`};`

namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00
			`rpc.allowFrom = mkOption {`
			`type = types.listOf types.str;`
			`default = [ "127.0.0.1" ];`
nixos: remove all uses of lib.mdDoc these changes were generated with nixq 0.0.2, by running nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/.nix nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix two mentions of the mdDoc function remain in nixos/, both of which are inside of comments. Since lib.mdDoc is already defined as just id, this commit is a no-op as far as Nix (and the built manual) is concerned. 2024-04-13 12:54:15 +00:00			`description = ''`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`List of IP address ranges allowed to use the RPC API.`
			`Wiledcards (*) can be user to specify a range.`
			`'';`
			`};`

namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`};`

			`};`


			`###### implementation`

			`config = mkIf cfg.enable {`

treewide: use attrs instead of list for types.loaOf options 2019-09-14 17:51:29 +00:00			`users.users.namecoin = {`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`uid = config.ids.uids.namecoin;`
			`description = "Namecoin daemon user";`
			`home = dataDir;`
			`createHome = true;`
			`};`
namecoind nixos module: init 2015-09-08 17:24:40 +00:00
treewide: use attrs instead of list for types.loaOf options 2019-09-14 17:51:29 +00:00			`users.groups.namecoin = {`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`gid = config.ids.gids.namecoin;`
			`};`
namecoind nixos module: security enhancements 2015-09-10 16:04:04 +00:00
namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`systemd.services.namecoind = {`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`description = "Namecoind daemon";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`

nixos/modules: fix systemd start rate-limits These were broken since 2016: https://github.com/systemd/systemd/commit/f0367da7d1a61ad698a55d17b5c28ddce0dc265a since StartLimitIntervalSec got moved into [Unit] from [Service]. StartLimitBurst has also been moved accordingly, so let's fix that one too. NixOS systems have been producing logs such as: /nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31: Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring. I have also removed some unnecessary duplication in units disabling rate limiting since setting either interval or burst to zero disables it (https://github.com/systemd/systemd/blob/ad16158c10dfc3258831a9ff2f1a988214f51653/src/basic/ratelimit.c#L16) 2020-09-09 07:31:27 +00:00			`startLimitIntervalSec = 120;`
			`startLimitBurst = 5;`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`serviceConfig = {`
			`User = "namecoin";`
namecoin service: fix typo 2017-09-15 21:08:53 +00:00			`Group = "namecoin";`
nixos/{namecoind,bitcoind}: removing the altcoin prefix 2019-08-30 16:29:29 +00:00			`ExecStart = "${pkgs.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole";`
namecoind: refactor nixos module 2017-01-18 18:53:11 +00:00			`ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";`
			`ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";`
			`Nice = "10";`
			`PrivateTmp = true;`
			`TimeoutStopSec = "60s";`
			`TimeoutStartSec = "2s";`
			`Restart = "always";`
			`};`

			`preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat") ''`
			`# check wallet file permissions`
			`if [ "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \`
			`-o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \`
			`-o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then`
			`echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2`
			`exit 1`
			`fi`
			`'';`

namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`};`

			`};`

nixos: add myself to maintainers 2019-12-04 16:07:45 +00:00			`meta.maintainers = with lib.maintainers; [ rnhmjoj ];`

namecoind nixos module: init 2015-09-08 17:24:40 +00:00			`}`